Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of MIPS Technologies, in the past of other companies such as Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Thursday, May 07, 2015

https vs http - why not signed but not encrypted https?


From: Andy Glew
Newsgroups: grc.securitynow
Subject: https vs http - why not signed but not encrypted https?
X-Draft-From: ("nntp+news.grc.com:grc.securitynow")
Gcc: nnfolder+archive:sent.2015-05
Date: Thu, 07 May 2015 11:57:35 -0700
Message-ID:
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (darwin)
Cancel-Lock: sha1:3QSNHoOOsLInTT2t9aCFbf/tYoY=

(New user in grc.securitynow. Longtime podcast listener. Very long time
ago USEnet user (not so much nowadays).  My apologies if this is a FAQ.)

OK, so there's a trend to encrypt all traffic - to use https, to
discourage http.  If for no other reason than to make man-in-the-middle
attacks harder.

One of the big losses is caching: the ability for somebody like a school
in a bandwidth deprived part of the world (like Africa, now; like
parts of Canada, when I grew up, although no longer so true) to cache
read-only pages that are used by many people.   Like the website I used
to run, and which I hope to bring back up sometime soon - a hobbyist
website for computer architects.  No ads.  No dynamic content.

Heck, like this newsgroup would be, if it were presented as webpages.

HTTPS encryption, with a different key for each session, means that you
can't cache. Right?



Q: is there - or why isn't there - an HTTPS-like protocol where the
server signs the data, but where the data is not encrypted?

(I thought at first that the null cipher suite in HTTPS / TLS was that,
but apparently not so.)

Having the server sign the data would prevent man-in-the-middle
injection attacks.

An HTTPS-like handshake would be needed to perform the initial
authentication, verifying that the server is accessible via a chain of
trust from a CA you trust.  (Bzztt.... but I won't rant about web of
trust and CA proliferation.)



Possibly you might want to encrypt the traffic from user to server,
but only sign the traffic from server to user.



So, why isn't this done?


It seems to me it would solve the "HTTPS means no caching" problem.




OK, possibly I can answer part of my own question: signing uses the
expensive public key cryptography on each and every item that you might want to
sign.  Whereas encryption uses relatively cheaper bulk encryption,
typically symmetric key protocols like AES.

Signing every TCP/IP packet might have been too expensive back in the early days
of the web. Not to mention issues such as packet fragmentation and recombining.

But note that I say "each and every item that you want to sign".
Perhaps you don't need to sign every packet.  Perhaps you might only
sign every webpage.  Or every chunk of N-kiB in a web page.

A browser might not want to start building a webpage for display until
it has verified the signature of the entire thing.   This would get in
the way of some of the nice incremental fast rendering approaches.

But, perhaps the browser can incrementally render, just not enable
Javascript until the signature has been verified?   Or not allow such
Javascript to make outgoing requests?   I am a computer architect: CPU
hardware speculatively executes code before we know it is correct, and
cancels it if not verified.  Why shouldn't web browsers do the same?

I.e. I don't think latency of rendering should be an obstacle to having
cacheable, signed but not encrypted, HTTPS-like communication.

Probably the plain old computational expense would be the main
obstacle. I remember when just handling the PKI involved in opening an
SSL connection was a challenge for servers. (IIRC it was almost never a
challenge for clients, except when they opened too many channels to try
to be more parallel.)  What I propose would be
even more.



But:

(1) CPUs are much faster nowadays.  Would this still really be a
problem?

+ I'm a computer architect - I *love* it when people want new
computationally demanding things.  Especially if I can use CPU
performance (or GPU, or hardware accelerator) performance, which is
relatively cheap, to provide something with social value, like saving
bandwidth in bandwidth challenged areas of the world (like Africa - or,
heck, perhaps one day when the web spans the solar system).

(2) Enabling caching (or, rather, keeping caching alive) saves power -
now I mean power in the real, Watt-hours, sense, while requiring
signatures and verifying them consumes CPU cycles.   I am not sure that
the tradeoff prohibits what I propose.
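
The "sign every chunk of N-KiB" idea above, carried one step further as an added example (not part of the original post): the chunks are hash-chained back to front, so the server does one public-key signature per page and the client can still verify each chunk as it arrives from a cache. The function names are hypothetical, and a Lamport one-time signature stands in for the server's certificate key only so that the sketch runs on the Python standard library.

```python
import hashlib, os
def H(b): return hashlib.sha256(b).digest()
END = bytes(32)  # sentinel "next hash" that marks the final chunk

# Stand-in signature (assumption) so this runs on the standard library alone:
# a Lamport one-time signature. A real server would use its certificate key.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def sign_page(sk, body, chunk_size=4096):
    """Server: one public-key signature per page, over the head of a hash chain."""
    chunks = [body[i:i + chunk_size] for i in range(0, len(body), chunk_size)] or [b""]
    nxt, records = END, []
    for chunk in reversed(chunks):      # build back to front
        records.append((chunk, nxt))    # each record names its successor's hash
        nxt = H(nxt + chunk)            # fixed-length hash first: no split ambiguity
    return {"head": nxt, "sig": lamport_sign(sk, nxt), "records": records[::-1]}

def verified_chunks(pk, page):
    """Client: yield each chunk once it verifies; raise on tampering or truncation."""
    if not lamport_verify(pk, page["head"], page["sig"]):
        raise ValueError("bad signature on chain head")
    expected = page["head"]
    for chunk, nxt in page["records"]:
        if expected == END or len(nxt) != 32 or H(nxt + chunk) != expected:
            raise ValueError("chunk does not match signed chain")
        yield chunk
        expected = nxt
    if expected != END:
        raise ValueError("page truncated")

def render(pk, page):
    """Return (bytes shown before any failure, error message or None)."""
    shown = b""
    try:
        for chunk in verified_chunks(pk, page):
            shown += chunk
    except ValueError as e:
        return shown, str(e)
    return shown, None

if __name__ == "__main__":
    sk, pk = lamport_keygen()
    page = sign_page(sk, b"<p>constructed sample page</p>\n" * 200, 1024)
    chunk, nxt = page["records"][2]
    page["records"][2] = (chunk.replace(b"sample", b"SAMPLE"), nxt)  # altered in a cache
    print(render(pk, page)[1])
```

The signed page is identical for every reader, so an intermediate cache can store and replay it. `render` models the incremental display discussed above: it shows what has verified so far and stops at the first chunk that does not match.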

Wednesday, May 06, 2015

MacBook doesn't like surprises: USB and display problems

Effing MacBook:



As usual, when I disconnect at home and come to work, I waste 15-30 minutes trying to get my displays and keyboard and trackball working.  If it was always the same problem I might have figured out a workaround - but the problem changes in a minor way.



Today, the problem was that when I plugged in at work, my external monitors worked, but my laptop LCD monitor was not working.  Black.  Not reported by System Preferences => Displays.



(Usually it is one or both of the external monitors that do not work. And/or the USB keyboard and trackball.  But today it is different.)



Various attempts to fix, like unplugging the external monitors, going to sleep, etc., do not help.  Unplugging external monitors and going to sleep / waking up => a laptop with a blank screen.



So, as usual, I rebooted.



At the moment, I am rebooting my MacBook once or twice a day.  Usually to try to get a display to work, or to get my USB keyboard and trackball working.



Note that I say "both" external displays above.   I only have two external displays, a 30" HDMI, and a USB BVU195 display adapter.   On Windows I used to have 3 or 4 external displays, as well as my laptop LCD.  Not so on the MacBook.



I expected the Mac to handle multiple displays better than Windows?  Not in my experience! :-(



(MacBook Pro 15" retina Mid-2014)



---



I wonder if these problems are related to "surprise" disconnects - disconnecting from USB and external monitors without doing something to Mac OS-X first.   Windows used to have problems with such surprise disconnects circa 2000, perhaps Macs are just behind.  But I can't find any way to tell MacOS "I am about to disconnect you now".




Thursday, April 30, 2015

The Grammarphobia Blog: Why is “m” a symbol for slope?

The Grammarphobia Blog: Why is “m” a symbol for slope?: "In Mathematical Circles Revisited (2003), the math historian Howard W. Eves suggests that it doesn’t matter why “m” has come to represent slope.

“When lecturing before an analytic geometry class during the early part of the course,” he writes, “one may say: ‘We designate the slope of a line by m, because the word slope starts with the letter m; I know of no better reason.’ ”"




Wednesday, March 11, 2015

Buying a MacBook was a big mistake!!! :-(

For the New Year, I bought myself a MacBook - a MacBook Retina Pro.

My old Lenovo X220 convertible tablet PC was dying - SSD errors everywhere (SpinRite fixed, but I could not trust the SSD any more). I could have replaced the SSD, but chunks of the plastic case were falling off, the USB 3 port had long since failed...

Plus, although I loved my pen computer, I had started using an iPad (my daughter's, although she was not using it), so my need for portable web browsing and email on a screen larger than my phablet was being better met --- while my need for a portable computer with lots of pixels that was convenient to do real work on was not being met.  The 1366x768 pixels are not enough - even my iPad mini has more resolution.

Plus, my daughter uses a MacBook, since her old school insisted on Apple.  I wish that she would switch to something cheaper, like Windows or Linux on a Wintel laptop - but she is happy.  And I figured that I would be able to help her more if I were more familiar with the MacBook, through everyday use.

Plus, I just upgraded my wife's and my daughter's iPhones, and I switched myself from Android to iPhone. Plus the iPad I mentioned above. The big reason for this was TouchID. Fingerprints are the Next Killer App. (I suspect that this is the real reason for the jump in Apple's sales for Xmas 2014.)

So I figured: Why not be 100% Apple and buy a MacBook?

Big mistake.

So I bought a high end MacBook Pro Retina, 2880x1800, 1TB disk.

(Actually, despite all the reasons for considering Apple above, I might have purchased a good Windows PC with a retina level display - except that at the time I could not find one with a 1TB SSD from the manufacturer.  And I had just been burned by buying an aftermarket SSD from Crucial, that turned out to have major loss-of-data problems.)

Big mistake.

Now, the MacBook is a pleasant machine.  Sure, there are annoyances like the Mac's option and command rather than control and alt - but you can get used to those.  If I could get away with only using Mac applications.

Unfortunately, I have to use some Windows applications. And/or Microsoft applications running on MacOS.

For example, I am writing this plaintive blog entry because the MacOS native Microsoft PowerPoint.app is hung. Again.  When I kill it, it hangs again.  I have had to reboot my MacBook twice today to clear this problem.

OK, so maybe the fault is Microsoft's rather than Apple's.  Nevertheless, since I had fewer problems on Windows, it's a ding against buying my MacBook. 

Perhaps I should use non-Microsoft tools, like Apple's Keynote.app to prepare slides? Or something Open Source? Sure... but I have to be able to exchange .PPT files.  And the non-MS apps often produce .PPT that is broken, that is not WISIWTG  (What I See Is What They Get). Sometimes they cannot open the files.  And there are features missing.

FrameMaker was a biggie.  I need to use FrameMaker, an obsolete techpubs app.  No longer available on UNIX, only Windows.  Attempting to use obsolete Version 7 FrameMaker on an old SUN SPARC remotely across a slow network was painfully slow. So I transferred my PC FrameMaker license to Windows 8 running on Parallels on my MacBook.   That was one of the big reasons to buy a 1TB SSD - I had filled up my old 512GB SSD with just one OS, and now I had to install two.

And this works acceptably well.  I can use FrameMaker on my Mac.

But...  using a virtual machine environment like Parallels is a pain.  Now I have two OSes to maintain: two OSes that must be updated regularly.  Twice as many reasons to reboot.  Sure, if I am rebooting the Windows Guest I can continue to use MacOS - but not vice versa.

My original plan had been to try to only use FrameMaker on Windows under Parallels, and use native MacOS apps for everything else.  My Office license gave me access to the native MacOS versions of all of the Microsoft apps I use.

Except... they are all a bit off. A bit lacking.  E.g. conversation mode doesn't really work in native MacOS Outlook.app.  So I started using Outlook under Parallels.   But now if I click on a link, it starts Internet Explorer.  Gack!  So I have to install Chrome inside Parallels, as well as Chrome on MacOS...

Eventually I have ended up with both MacOS and Windows versions of most of the apps I use installed.

And now things get really confusing.  I must say ctl-C under Parallels, and cmd-C in MacOS.  Now, which version of the app am I using?   If you type the wrong keystroke at the wrong app, crazy things happen.  (Remapping the modifier keys is a slippery slope...)

The only way I can stay sane is to try, as much as possible, to only use the more functional Windows versions of apps. It's still confusing when I have MacOS apps versus Windows.

Tell me again: if I am mainly using Microsoft apps under Parallels virtual machine, why did I buy a Mac again?

Yes: I insist on having UNIX-like commands.   But Cygwin gives me most open source UNIX commands and Microsoft/Windows apps, with a lot less hassle than using MacOS for UNIX-like commands and Parallels for Windows apps.

(Perhaps things would be better with Linux as the host and Windows running in Xen.  Linux and Windows have more similar user interface behavior than Windows and Mac.)

And then there are the generic Mac shortcomings:

I hoped and expected that MacOS, being beloved of artists and graphics folk, would support multiple monitors well.  BZZTTTTT!!!!  On my dinky little Lenovo I used to drive 3 external monitors: a 30" 2560x1600, and two 24" 1200x1920 to read full pages of books and papers.  My MacBook can only drive 1 of each - this would be totally unacceptable, except for the fact that the laptop display itself is so nice.

Fingerprint: my old Lenovo had a fingerprint reader, no MacBook does (at this time).  This is especially annoying, since I am chanting "Fingerprints are the next Killer App", and bought an iPhone mainly to get TouchID.

LastPass does not work well in the Apple ecosystem.  I now have to type in my (long) password many more times a day than I used to.

MacOS apps usually do not come with uninstallers.  Supposedly they do not need uninstallers.  BZZZTTTT!!!!!   

Windows has some very useful user interface things - like bumping a window against the top or side to maximize. MacOS lacks these.   Add-ons like SizeUp help, but do not work for all apps.  Like, SizeUp does not work for EMACS, or for FrameMaker. My two most frequently used apps.

Overall, app behavior under the Window manager is much less consistent in MacOS.

MacOS has no equivalent of AutoHotkey. AppleScript comes close, but cannot do everything that AHK does.  (I had forgotten how many AHK shortcuts I used on Windows.  I can run AHK on Parallels - but then the shortcuts do not work everywhere.)

Did I complain about MacOS's lousy support for multiple, large, displays?

Like, you cannot move the notification area around.

Like, the Dock can only be at the bottom of a screen, or at the side of all - not at the side of any display, the way I can move the Windows taskbar.

Windows spanning multiple displays on MacOS are awkward.  Not the default on Yosemite.  You can get them, but then you lose the Dock appearing on any display.

The whole basic Apple concept, dating back to Xerox, of a menu bar at the top of the screen, with several windows swimming in the display, is a big loss with a large display.  It's a LONG way on a 30" monitor, to move your mouse from the bottom right hand corner of a display to the menu bar at the top left hand corner. Would not be so bad if there were more keyboard shortcuts...  but Apple dislikes keyboard shortcuts, and no AHK equivalent.   No mouse warping.

Did I mention how expensive Apple hardware is?  PC hardware is about 33% less, if not half the price.

---

The list goes on and on.

After 2.5 months of using the MacBook, I like it less and less. 

It was probably a big mistake to buy a MacBook to run Parallels. It would probably be better to run Windows with Cygwin. Perhaps Linux with Xen to run Windows, but even that is 2X the OS sysadmin work.

Perhaps one day I will not need to use Outlook, or PowerPoint, or Word.  Then, I think, MacOS might be worthwhile.  But not now.

Now, I am waiting for Windows 10 to be released.  If there is a retina class Windows 10 convertible, with touchscreen and pen and fingerprint, enough RAM and a 1TB SSD, I will switch. If I can afford to.  If buying the MacBook has not exhausted all of my computer budget for this year.

---

Now, the smaller list of what I like about the MacBook:

It does have a nice LCD.  (But so do many PCs nowadays.)

There is a large variety of interesting IMAP mail clients in the Apple MacOS app store. Some of them are almost as good as the iPhone and Android mail client apps.  There are far fewer of these on Windows.

Much of what I do nowadays is cloud based web apps.  These usually run okay on both MacOS and Windows.

But native apps on MacOS, or Windows apps under Parallels?  Better to be native Windows.

Saturday, December 06, 2014

Conditional Text, Superposition, Quantum

I have been posting a lot about conditional text.  Work. FrameMaker. Bah!



Just read a Quantum Computing paper.



Conditional text and quantum seem related: both involve superposition, having a single value represent multiple.  If I advocate conditional text, should I also advocate quantum?



Here's a thought: why is quantum computing more efficient? If the answer is superposition, the increased efficiency may lie in the fact that  a single operation involving two values, one with M superpositioned values, and the other with N, usually corresponds to M*N non-superpositioned values.



In I-stages



    val.stage_i.j := val.stage[i-1].jj OP val.stage[i-1].kk



If 2-way superimposed by stage 0, doubles every stage => stage 1: 2*2=4, stage 2: 4*4=16, and so on.



Not just 2^N but is more.





---





But, if noise reduces the number of superposed states to a small finite number: then quantum is "only" a constant multiplier increase in efficiency.



I.e. in the presence of noise, quantum is not a big-O increase in computational efficiency.





This is so obvious that I am sure there must be a flaw in my reasoning.

Friday, December 05, 2014

WYSIWYG conditional text: distinguishing

One big problem for WYSIWYG conditional text is allowing the editor to recognize the conditions.



Basically, to do WYSIWYG editing of conditional text, you need to be non-WYSIWYG ... :-(



There are only a few things that you can do to distinguish different conditions:



* use color

* use font bold, italic.  Fontsize not so good.

* use background colors

* use marks like underlining, strikethrough, crosshatching.



Anything that is used to indicate conditions might conflict with the same visual effects used in the final document.  Not so bad if preparing for publication in the traditional press, which is largely black and white. Bad if you want to use those effects, e.g. on a webpage.



If you have limited colors, say 4, and limited effects, say single and double underlining => well, you only get 8 combinations.   But even the v123 tABC example exceeds that.



You get to 4x4x4x2 if you allow all combinations of letter color, underline color, and background color. I don't know of a tool that does this.  Sure, it would look cluttered - but I suspect that my brain could decode.



Of course, have more colors than 4.  But conversely, probably don't use exactly the same colors - foreground text red on background red is useless.  The system probably needs to automatically adjust, so that it is foreground red on a immd red that can show the contrast.  Conventions.



---



Not to mention that we want to see overlapping tags.  E.g. reserve background color for one set of tags, v123; text for another tABC.   This doesn't scale.



---





Two effects may scale:



underlining with different colors



flyovers - these can indicate arbitrary combos of conditions.



---



Part of the trouble in managing WYSIWYG conditional text is that an upstream user may decide to use a color that you have already used.



Quite apart from the logic.